Lizard Squad website hacked revealing customer names and passwords

Lizard Squad, which carried out sustain distributed denial of service (DDoS) attacks against PSN and Xbox Live last month has had its own website hacked and its customer database stolenReuters

The hackers behind the attacks on Playstation Network (PSN) and Xbox Live - known as Lizard Squad - have seen their own website hacked and customer database stolen - including unencrypted passwords.

Last month Lizard Squad claimed responsibility for a series of cyber-attacks against Sony and Microsoft's gaming networks which crippled the systems for several days over the Christmas period. At the end of the month the group revealed the attacks were all part of a publicity campaign for its own DDoS service called LizardStresser.

For between $6 and $500 the group offered their services to anyone who wanted to take down someone else's website.

However over the weekend it emerged that Lizard Squad's own website became the target of an attack with LizardStresser.su getting compromised.

The website is used to coordinate the attacks and sign up customers for its subscription DDoS-as-a-service offering. According to security researcher Brian Krebs, the hackers were able to obtain a copy of the group's customer database:

"A copy of the LizardStresser customer database shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service."

Paying customers

One page of hundreds of support ticket requests filed by LizardStresser usersKrebsonSecurity

The database showed that Lizard Squad stored all customer account information - including passwords - in plain text, which is a major security blunder.

While there were a large number of registered users, only a small percentage were paying customers, with a total of $11,000 being paid in bitcoin to take thousands of websites offline, including Krebs' own site.

Krebs, who has been investigating the group for some time, describes Lizard Squad as "a band of young hooligans" who are synonymous with an English language cyber-crime forum called Darkode.

Since the attacks on PSN and Xbox Live, authorities in the US and UK have been carrying out a major investigation resulting in several arrests in the UK in recent weeks.

On New Years' Eve a 22-year-old from Twickenham was arrested on suspicion of fraud by false representation and Computer Misuse Act offences, and is scheduled to appear in court again on 10 March.